New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Enable HSTS in .htaccess File
Mahfuz_SS_EHL
Host Rep, Veteran
in Help
Hi,
When enabling HSTS (HTTP Strict Transport Security) via Apache Configuration in WHM Root server, I added "Header always set Strict-Transport-Security "max-age=15552000"" in Apache Configuration > Pre VirtualHost Include & it works.
But, when I try to do this via .htaccess file, it doesn't work out. I tried numerous number of methods described over Internet but none of them worked out.
Is that not working for any option in my server such that something is interfering to override apache configuration ?? Or, I'm doing mistake in .htaccess file ?
Comments
It works fine for me.
Did you remember to add mod_headers to your config?
Why not do it directly in the config?
Also, I always ask this to people enabling HSTS: are you 100% sure that you want to have an age that long? You could permanently ruin your site for users that visit regularly.
I tried that also. Didn't work out for me.
You mean I need to add to the Apache Configuration ?? If you meant .htaccess, yes, I tried with mod_headers.
I want it to that website I'm trying to enable. That's why, I'm looking for a specific option e.g. .htaccess editing rather than implementing it directly into core configuration.
Note that says IfModule. That means IF it's enabled. Take out the IfModule stanzas, and see if it crashes. If it does, mod_headers is probably not enabled. I'd also suggest checking the logfiles, but the above is the fastest user-level way of checking without root.
How mod_headers can be enabled ?? I assume this is the problem.
a2enmod headers
Then restart Apache.